Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-7386 | The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. | 4.3 |
| 2024-09-25 | CVE-2024-7426 | Information Exposure Through an Error Message vulnerability in Peepso The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. | 5.3 |
| 2024-09-25 | CVE-2024-7491 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. | 5.3 |
| 2024-09-25 | CVE-2024-7617 | Cross-site Scripting vulnerability in Itpathsolutions Contact Form to ANY API The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-09-25 | CVE-2024-8349 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. | 7.2 |
| 2024-09-25 | CVE-2024-8350 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. | 2.7 |
| 2024-09-25 | CVE-2024-8434 | Missing Authorization vulnerability in Themehunk Mega Menu The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. | 4.3 |
| 2024-09-25 | CVE-2024-8476 | Cross-Site Request Forgery (CSRF) vulnerability in Wpplugin Easy Paypal Events The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. | 4.3 |
| 2024-09-25 | CVE-2024-8481 | Code Injection vulnerability in Simplelib Special Text Boxes The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. | 7.3 |
| 2024-09-25 | CVE-2024-8483 | Unspecified vulnerability in Madrasthemes MAS Static Content The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. | 6.5 |